From: "Caspar Bowden" <cb@fipr.org>
To: "FIPR-AC (E-mail)" <fipr-ac@netlists.liberty.org.uk>,
"Ukcrypto (E-mail)" <ukcrypto@chiark.greenend.org.uk>
Subject: FULL ARTICLE: Sunday Times 15/4/2001: "No Hiding Place"
Date: Wed, 18 Apr 2001 00:56:39 +0100
Original online version was truncated to under half-length (and weirdly had
April 1st dateline) - now relaced by full version
--
Caspar Bowden Tel: +44(0)20 7354 2333
Director, Foundation for Information Policy Research
RIP Information Centre at: www.fipr.org/rip#media
http://www.sunday-times.co.uk/news/pages/sti/2001/04/15/magazine1.html?1007000
April 15 2001 SUNDAY TIMES MAGAZINE
Britain is now a surveillance state. The authorities may be prying into your'private' life this second. And in the electronic age, it is much easier forinnocent people to be mistaken for criminals. Bryan Appleyard investigatesNO HIDING PLACETHE SURVEILLANCE TRAP | YOUR WHOLE LIFE LAID BARE
Privacy is dead. We are watched by 1.5m closed-circuit television cameras,
more per head of population than any country on Earth. Our government,
police and intelligence services have more legal powers to poke around in
our private lives than those of communist China. And thanks to new
technologies from mobile phones to the internet, they can use those powers
to find out where we are, whom we talk or send e-mails to, and what websites
we click on. According to most experts in the field, a police state with
powers of control and surveillance beyond the wildest dreams of Hitler or
Stalin could now be established in Britain within 24 hours. And guess what:
MI5 probably read this article before you did. It was delivered by e-mail, a
hopelessly insecure system. It is full of the sort of security-sensitive
words the spooks look out for, and, as I shall explain, I seem to be an MI5
target.
But the weirdest thing of all is that we really don't care. To take an
example that may sound trivial but isn't, the Television Licensing Authority
is currently running an advertising campaign boasting of its ability to
invade our privacy. Hoardings show a local street sign with the caption that
declares, four people in this street don't have a TV licence and the TLA
knows who they are.
Duncan Bennett, a systems administrator with the Medical Research Council in
Cambridge, knows exactly what this means. He hasn't had a TV in 10 years and
yet, annually, he gets threatening letters from the TLA. He has now
discovered that, with no evidence against him whatsoever, they can get a
warrant - always automatically granted - to break into and search his house.
He is assumed to be guilty until proven innocent, a terrible inversion of
ancient common-law tradition. He has struggled to find anybody willing to
take up his campaign on the issue. Bennett is not suspected of
drug-trafficking, terrorism or subversion. He is suspected of having a TV
without a licence. Only in Britain would such an abuse of power - or even
such advertisements - be tolerated.
We seem to have such fear of crime, and such a mute acceptance of the
seizure of power by the authorities, that we are actually comforted by the
thought that we are being watched all the time. This, in the current climate
of paranoia and high technology, is dangerous. Our right to live a
law-abiding life without interference is now utterly compromised. The
Englishman's home is no longer his castle, it is his virtual interrogation
cell.
How did we get here? The story begins in a bedroom in Cheltenham in 1969.
James Ellis, an employee of the Government Communications Headquarters,
Britain's global listening post, had been working on the problem of coding,
more accurately known as encryption. Thanks to our cracking of the German
Enigma code during the second world war, the British were regarded as world
masters of this art. Since then, GCHQ had been working closely with the
American National Security Agency (NSA) to ensure that the good guys - us -
would always be able to crack or write codes more successfully than the bad
guys - primarily the Soviets.
In his bedroom, Ellis had an idea for a system of encryption that would be
utterly unbreakable. But his system was so completely at odds with
prevailing wisdom that it was at once rejected by almost everybody in the
code business. Ellis died in 1997, professionally anonymous to the last, and
just a month before his brilliance was generally recognised when GCHQ
finally published his papers on their website.
Until then, everybody thought the first man to have this idea was an
American named Whitfield Diffie. In 1975, Diffie had independently
experienced the same eureka moment as Ellis, but his insight was made
public. At that moment, both GCHQ and NSA, not to mention every other
security and intelligence service on the planet, suffered a crisis from
which they have yet to recover, and the issue of individual privacy leapt to
the top of the political agenda, where, almost everywhere except in Britain,
it remains.
The Ellis/Diffie invention was what is now called public key cryptography
(PKC). It is the most powerful coding system that has ever been devised.
It's what you use if you bank or buy on the internet. You don't know you're
using it: your computer does it for you. It offers everybody the power to
communicate in unbreakable codes. As a result, it's easily the worst thing
that has ever happened to the spooks and the police. Beside this, Kim Philby
was a minor hiccough.
This is how it works. Normally, if one spook wants to send a coded message
to another, he does so in a code that can be unlocked by a key - a string of
numbers - known to both of them. The problem is, they have somehow to give
each other the key. Diplomats going through customs handcuffed to briefcases
are one way of passing on keys. But you can mug a diplomat and, as the
British showed when they seized a German Enigma machine, you can intercept
keys transmitted by any other means. Either way, the spooks lose their
secrecy.
In PKC, one party makes his key completely public; anybody can have it.
This public code allows anybody to encode their message and send it. But the
public key can only encrypt the message, it cannot decrypt it. Only the
secret key possessed by the recipient can unscramble the message. As long as
he keeps his key secret - an easy task, because he need never share it with
anyone else - then his code is unbreakable.
The one flaw in this might be the use of supercomputers simply to run
through all possible key combinations - a so-called "brute force" attack.
Keys are just sequences of numbers, after all. But now that more powerful
personal computers and software accept much longer keys, it would take
billions of years for a brute-force attack to succeed. Rumour has it - there
are only ever rumours in this area - that the NSA has spent $5 billion
trying to crack the strongest contemporary codes and failed.
Since both the NSA and GCHQ are founded on the principle that they should be
able to read any communication anywhere in the world, this is their worst
nightmare. Since 1975 they have been battling to find ways of ensuring they
can still eavesdrop on anything. And, because Diffie's trick was already out
there among the nerds and hackers of the world, this battle had to take
place in public. Essentially, both the British and American security
services wanted copies of all keys to be lodged with government agencies -
so-called "key escrow" - or, as in the system we now have in Britain, they
wanted to be able to demand the surrender of keys.
But the libertarian nerds, known in this field as "cypherpunks", fought back
in the name of freedom from the all-seeing eyes of Big Brother government.
In the United States they have had some success, thanks to the native
distrust of government; in Britain they have had almost none.
After the collapse of communism in 1989, this issue became even more urgent.
The primary targets of the security services were no longer the Soviets. Now
they were organised criminals, drug traffickers and terrorists. This meant
they wanted to watch their own citizens rather than just foreign spooks. The
possibility of the high-tech, constant-surveillance Big Brother state was
threatening to become a reality.
PKC had become much more than a brilliant mathematical trick: it was now the
centre of a bitter philosophical and political debate about the privacy of
the individual. This has now spilt over into just about every area of public
policy. Before PKC, the spooks could watch and never explain anything. After
PKC, they had to come out and argue their case.
The big questions are obvious. How much should the government be able to
find out about me and the things I do? Should it be able to read all my
private messages, my bank accounts, my health records? Do I have any right
to privacy at all, or does the public interest in the possibility that I
might be a terrorist, paedophile, criminal or spy overrule all other
considerations?
Cryptography was only the beginning of this debate. Technology - whether in
the form of computers, mobile phones, credit cards, store cards or
closed-circuit television cameras with sophisticated face recognition
systems - means that people can now, if they like, know almost everything
about anybody.
We all leave an electronic trail wherever we go, whatever we do. This trail
is impossible for the individual to eradicate or control.
Much of this trail may seem innocent - what you buy at Tesco using your
loyalty card is hardly likely to be a sensitive matter. But the point about
computer memory and processing power is that it is expanding at a rate few
of us can begin to understand. As a result, thanks to those loyalty cards,
it is perfectly possible to trawl through everything you have ever bought at
Tesco, and that can produce a startlingly detailed picture of your life.
"I'm not embarrassed about my shopping," says Ian Brown, a researcher into
mobile multimedia security at University College, London, "but the insidious
nature of this is that it's not the day-by-day information, it's knowing
about all your grocery for the last five years. It's amazing how much you
can tell about someone from the pattern of their buying." Furthermore,
information breeds information. Once I know one thing about you, I can
generally find out another. Using a technique known as 'social
engineering' - essentially a simple con trick - armed with a few details
like your date of birth and post code, I can easily convince some lowly
clerk on the phone that I am you and seduce him into parting with more
sensitive material.
When you add into that mix internet usage and e-mails - neither of which are
remotely secure unless you go out of your way to make sure they are - it
becomes easy to build up staggeringly detailed pictures of the lives and
habits of almost anybody. Indeed, there is an automated global system
code-named Echelon, operated by the US, UK, Canada, Australia and New
Zealand, which is believed to intercept up to 3 billion communications a
day, trawling through them for sensitive words that might indicate a
security threat - it may well pick up this article in transit. Some claim
that 90% of internet traffic is scanned by Echelon.
The exact figures are unknown, because the system is top secret. Indeed,
Britain, alone among these countries, does not even admit it exists. Simon
Davies, head of the pressure group Privacy International and a
self-confessed cypherpunk, describes Echelon as "black-helicopter,
Mulder-and-Scully stuff". As in The X Files, the truth is out there, but so
is somebody who doesn't want you to know.
Even by just collating all the addresses of your e-mail correspondents, the
security services can construct "friendship trees", patterns of association
that, whether you are guilty or not, may connect you to terrorists or
criminals.
Closed-circuit television (CCTV) cameras are the final turn of the screw.
There are now 1.5m of these operating in Britain, and some, as in the London
borough of Newham, use facial recognition software that automatically
identifies target individuals. Some of these cameras are visible, but many,
in pubs and clubs, are not. In time, it is thought these cameras will be
linked in a nationwide web. They will become, as Dr Stephen Graham of the
University of Newcastle upon Tyne has suggested, the "fifth utility", after
telephones, water, gas and electricity. "These networks," he writes, "have
long since merged and extended to become technologically standardised,
multipurpose, nationally regulated utilities, with virtually universal
coverage. I would argue that CCTV looks set to follow a similar pattern of
development over the next 20 years, to become a kind of fifth utility."
"We have far more of these cameras that any other country," Graham tells me,
"though Germany and the US are now catching up. Why? Well, I suppose we have
fewer constitutional and political fears about invasions of privacy.
We have a huge fear of crime and we have no totalitarian past like almost
all the other countries in Europe."
Graham believes the key to the future, networked power of CCTV is
automation. "The key to the limitations of their use was the human operator,
who just got bored. Soon, software will be able to do all that, and then the
power will be in the hands of the software writers to decide what is
abnormal behaviour. It will all be hidden - there will be no
accountability."
And, in their book The Maximum Surveillance Society: The Rise of CCTV, the
academics Clive Norris and Gary Armstrong write: "The architecture of the
maximum surveillance society is now in place." Their point is that the
hardware of CCTV is so firmly in position that enabling it to watch
everybody all the time is now merely a software problem.
Meanwhile, other surveillance technologies are springing up all the time.
Police in the US, and some private agencies here, now have machines - called
IMSI catchers - in their cars that fool your mobile phone into thinking they
are base stations on your network. They can even tell your phone not to use
any form of encryption. So they can listen to every mobile call you make. In
addition, all big companies in the City of London routinely have to attach
devices to their windows to prevent sensitive meetings being overheard
through remote sensors that pick up voices from vibrations of the glass. Or
there are Van Eck devices, which can read everything on your computer screen
from a street away from your house. It is rumoured that one of these
machines has been refined to the point where it can pick out one computer
screen at the top of Canary Wharf from street level. Or tiny airborne
devices the size of butterflies are being developed that can watch every
move you make. And so on and so on. "It is plausible," writes Bruce
Schneier, an American security consultant, in his book Secrets & Lies, "that
we could soon be living in a world without expectation of privacy, anywhere
or at any time."
Soon, some have suggested, we shall have to record our entire lives on audio
and video just to establish an alibi, in case we are implicated in a crime.
Indeed, not to make such a recording may one day be treated as a cause for
suspicion.
Do we care? In Britain, apparently not. We accept CCTV cameras out of fear
of crime, and as a result we have more than any other nation in the world.
Meanwhile, a study by the Economic and Social Research Council's Virtual
Society programme has found that employees do not regard surveillance
systems in the workplace as invasions of privacy. And finally, in the form
of last year's Regulation of Investigatory Powers Act (RIP), we now have,
according to many observers, the most invasive legal apparatus anywhere in
the world. China, it has been pointed out, has nothing as draconian as this
on its statute book. It has been described by the constitutionalist Anthony
Barnett as "the most pernicious invasion of privacy ever imposed by a
democratic state". Among other things, the act ensures that all internet and
mobile-phone communications will potentially be interceptible by the police
and security services. Furthermore, even if you are not suspected of any
crime, you can be imprisoned for two years if you fail to disclose a
computer password. The communications of UK citizens can now be trawled by
GCHQ to investigate any "large number of persons in pursuit of a common
purpose".
'The bill,' said one executive with a leading internet service provider
(ISP), 'allows the construction of a police state overnight. Jack Straw
might not want to do this, but others would, and the tools would be in
place.'
Fortunately, because the government received bad technical advice, not all
the tools are yet in place. The plan originally was to force ISPs to install
black boxes that would route all internet traffic to the security services.
This turns out to be too expensive and technically difficult. Information
moves so quickly close to web hubs, it cannot be caught. The government and
the ISPs are now deep in technical and financial negotiations, and there
are, as yet, no black boxes.
Most incredible of all - not in the act but still on the agenda, thanks to
the enthusiasm of the National Criminal Intelligence Service - is the idea
for a data warehouse that would keep an archive of everybody's - yes,
everybody's - phone calls, e-mails and internet activity for a period of
seven years. Mobile phones, even when not in use, are in constant contact
with their base stations, telling them where they, and therefore you, are.
This feature was exploited by the police in the Jill Dando murder inquiry.
So in this warehouse would be a record of your exact movements for the past
seven years. One version of this scheme, christened Big Browser, would
include a record of every web address you ever visited. 'I can't think of
anything more intrusive than that,' says Caspar Bowden of the Foundation for
Information Policy Research. 'It's pretty much like being able to peek at
somebody's stream of consciousness without a warrant.' The act was
vigorously opposed by businesses and privacy campaigners, but, although
slightly modified, it was passed. Now the police and security services have
the right to hack into your life if they can show reasonable cause - they
can certainly demand that you surrender all your keys and passwords. The one
definite improvement to our privacy in the act is that police now have to go
to superintendent level before they can acquire our 'communications data' -
phone numbers and e-mail addresses. But it seems this was included to
prevent a large number of cases of policemen using this power to check up on
their wives and girlfriends.
The powers in the act are not largely concerned with actual interception of
communications. That requires a high-level warrant, and is only used on
about 500 people known to be dangerous - criminals, animal rights activists,
terrorists. But the act does allow for the mass trawling of communications
data, and this can, in fact, be more of a threat to the innocent, for it
creates a broad net of associations. For all I know, I may have been in
e-mail or phone contact with a dangerous subversive. This will automatically
place me on a suspect list, and I shall never know. 'This,' said the ISP
executive, 'is a potential invasion of everybody's privacy because we might
all be connected. We have less protection of access to this data than
anywhere in the world. It can be done on the say-so of a policeman.
Throughout Europe, a judge is needed.'
The one crucial defence against all this is the Data Protection Act, which
will ultimately allow you to demand to see all information held about you by
any organisation. You can go to any local authority operating CCTV cameras
and ask to see all the pictures they have taken of you. The security
services can get round this by claiming national interest. How far they can
take this is about to be tested in a number of cases.
Or you can avoid internet surveillance by always surfing via Safeweb - see
www.safeweb.com - which encrypts your browsing. But this is a surveillance
arms race, and doubtless the cyber spooks are already working on cracking
that. In any case, the mere fact that you are using encryption may well
attract the robotic attentions of Echelon. While you are online you might
really want to scare yourself by checking out www.privacy.net, which will
show how easy it is to trace your internet activity - I found my system was
being hacked by some character alarmingly named Psykojoko. After a long
process of investigation I discovered he was a healthy-looking French kid in
skiing gear - there was a photo on a peculiar website. He didn't respond
when I e-mailed a demand to know why he was hacking into my ISP. Or by going
to www.junkbusters.com, you can find out how private companies can watch
everything you do online. There is nothing like RIP in the US, because
privacy campaigners have been able to exploit a national distrust of the
federal government to stop it happening. On the other hand, Americans seem
less concerned about the collection of personal information by private
companies. Such information is regarded as a corporate asset: in law it
belongs to the company, not to the targeted individual. E-commerce, largely
controlled by the Americans, now depends on the ability of companies to
market directly to individual custo-mers - which is why many of us get
masses of junk e-mail, some of which seems to be based on a startling amount
of knowledge about our buying and browsing habits. Watch out for 'web bugs'
and 'cookies': these are little software systems that web pages put on your
computer to track your movements and recognise you when you call. (Get
yourself Window Washer software, which sweeps your system of all internet
history and cookies.)
The argument about all this is simple yet profound. On the one hand are the
cypherpunks who take the hard libertarian view that the state and the
corporations should be kept out of our lives at all costs: privacy is
sacred. Furthermore, they argue, however benign we might think our
government is today, tomorrow it might turn nasty. Tyranny is all about
surveillance; technology allows us to do that on an unprecedented scale. A
determined contemporary tyrant with the co-operation of the police and the
intelligence services could turn democracies into police states within
days - or, in Britain, hours.
'We should not be seduced by the myth of benevolent government,' write
Norris and Armstrong, 'for, while it may only be a cynic who questions the
benign intent of their current rulers, it would surely be a fool who
believed that such benevolence is assured in the future.' And Simon Davies
insists: 'It is in the nature of government to secure power for itself, and
often it is power for the sake of power. And power, once it is centralised,
is automatically abused.'
On the other hand, there are thinkers like the communitarian philosopher
Amitai Etzioni. Etzioni argues that the obsession with privacy is an aspect
of the anarchic, antisocial individualism that was born in the 1960s. He
says it has already done serious damage by, for example, preventing Aids
from being classified as a serious communicable disease in the US - gay and
civil rights campaigners claimed this was an unacceptable invasion of
privacy. Privacy, he says, is not a right that overrules all other
considerations. Society must be able to invade privacy when the public good
is involved. At stake is the future of all forms of social and political
organisation. The cypherpunks think that privacy invasion is a prelude to
tyranny, but Etzioni believes tyranny is more, not less, likely if the
cypherpunks are successful in getting the hyper-privacy they demand.
'Hobbling the ability,' he writes, 'of public authorities in a democracy to
protect people from drug dealers and other criminals is much more likely to
create social conditions under which strong-armed leaders will be invited to
restore law and order.'
Donn Parker, an American security expert, has commented on the new powers of
private sector cryptography: 'We have the capability of 100% privacy. But if
we use this, I don't think society can survive.' In any case, argues the
anti-privacy lobby, if you have nothing to hide, why worry? And, if you have
something to hide, we have a right to know in the name of the public good.
The first big argument against this is that we all have something to hide. I
don't want you to see my bank account or medical records, and I would guess
you don't want me to see yours. More intimately, we all get up to things
we'd rather keep quiet about. If those things are recorded on e-mails or
web- browsing histories and archived in some data warehouse, then
potentially they provide material for personal or political blackmail.
'In about two decades,' writes Bruce Schneier, 'we're going to have
elections where candidates are going to have to try to explain e-mail that
they wrote when they were adolescents.'
But the second big argument the anti-privacy lobby has to confront is trust.
Both the technology and the intelligence organisations are seriously prone
to abuse and error. I know, for example, that MI5 has information about me
that is wrong. I once needed security clearance and was told it was a
routine matter. A few weeks later, I was asked by an intermediary where I
had been over a period of months in the early 1990s. I had been at home.
Then, without explanation, I was denied security clearance. I have neither
done anything nor knowingly associated with anybody nor even expressed
opinions that would make me a threat to national security. And yet, in the
eyes of MI5, I am.
The internet, meanwhile, is a highly flawed source of information, and
trawling its contents is likely to produce serious errors. The reason is
that, out there on the web, nobody really knows who you are. There is
currently no secure way of establishing electronic identity. If you have a
common name, there may be thousands of people out there who could be you and
hundreds of bits of information that may or may not be about you. Another
personal example: I have, contrary to the belief of some people, nothing to
do with the Buddhist Society: it just happens to have a prominent member who
is also called Bryan Appleyard.
More seriously, the possibilities of abuse of these new technologies are
endless. One CCTV operator in Wales, for example, kept his camera focused on
a telephone box. Every time a girl he fancied walked by, he called the
number of the box. If she answered it, she found herself the victim of an
obscene caller. Furthermore, all types of surveillance create their own,
frequently misleading, reality. One study involved giving a group of
magistrates two forms of evidence in an assault case. One was traditional
verbal evidence; the other was CCTV evidence. The magistrates proposed
stiffer sentences on the basis of the CCTV evidence, even though the cases
were identical. Seeing the act was intrinsically more shocking, and yet it
was also potentially more mis- leading. 'Video evidence is based on sight,'
says Jason Ditton, professor of criminology at Sheffield university, 'but
the law is based on intention. You may see a fight on CCTV, but you don't
hear the provocation that started it.'
It was Ditton who produced the most devastating evidence against the
effectiveness of CCTV. His study in Glasgow showed that, after cameras were
installed, crime rates went up slightly and detection rates down. The police
were so shocked by the finding that the report's publication was delayed for
three years while they had it independently assessed. Ditton's findings were
confirmed. Admittedly, his study in the much smaller Scottish town of
Airdrie showed the reverse effect. Nevertheless, Ditton now seriously doubts
that CCTV has any effect: 'I don't see that pointing cameras down a few
streets should have any effect on crime rates.'
But politically, such insights seem to be powerless. Fighting crime has
risen so high up the party agendas that questions of effectiveness or the
privacy implications are hardly ever considered. 'The law-and-order issue
has become an arms race between the two major parties,' says Caspar Bowden.
CCTV has become one weapon in that arms race that nobody seems prepared to
question. And, to the disappointment of many, new Labour has shown itself
more willing to escalate the race than any previous government. 'New Labour
when they got into power were knobbled very quickly by the security
services,' says Ian Brown. 'If people like Peter Mandelson and Harriet
Harman get into government and find the security services have files on them
and they won't do anything about it, then who on earth is going to?'
Furthermore, however much lip service is paid to privacy, at the legislative
level serious breaches are still tending to creep through. At the time of
writing, the Criminal Justice and Police Bill, the social security bill, and
section 59 of the health bill all in their different ways allowed
extraordinary levels of access to private individual information by numerous
government departments. The price of privacy is eternal vigilance - or
direct action.
'We are entering a new age of individual action and organised privacy
movements,' says Simon Davies. 'You don't introduce surveillance throughout
the planet without there being a backlash.' The privacy issue, in other
words, could turn nasty and become an outright war between, on the one hand,
a loose confederacy of anarchists, libertarians, cypherpunks and human
rights groups and, on the other, government, police and intelligence
agencies.
The key peacekeeping figure at the moment is Information Commissioner
Elizabeth France. She is a high-flying Home Office civil servant with a
string of honorary degrees and a strikingly tough and self-possessed way
with the media. She inspires confidence. She needs to. With 100 staff,
rising to 300 over the next five years, she oversees all
freedom-of-information and data-protection issues, and it is her - almost
imposs-ible - job to balance the competing demands of privacy and public
interest. 'In a democratic state,' she says, 'you should be looking very
carefully when you invade privacy, and you should only do so when it is
necessary and proportionate.'
France insists she does not have a private opinion in these matters - she is
'a statutory creature' - but she is plainly dismayed by the apparent
readiness of the British to give up their privacy: 'I have no idea why it is
that the British population finds CCTV cameras comforting, whereas others
don't.' She says she is encouraged by current attitudes within government,
but she is constantly finding legislative developments - she mentions the
social security bill - that breach privacy guidelines. 'People tend to have
their own objectives, and if their objective is the prevention of fraud or
stopping paedophiles, then they tend to believe that whatever they are doing
must be in the public interest. We have to rein in that view, by making it
clear to people that they have to focus not just on their own ends. It's
about getting a balance that allows us to exploit the technology without
exploiting ordinary people.
'I also think we have to encourage citizens to understand they have rights,
and give them the confidence to use them. People tend to hold cheap their
right to privacy until they've lost it, and once they've lost it they can't
get it back.'
Public confidence, she says, is the key. If privacy is too easily invaded
and security lapses occur too often, then the police cannot expect public
co-operation, and neither can the government. If, for example, data from tax
returns filed online find their way to departments other than the Inland
Revenue, then people won't file electronically, however hard the Treasury
tries to persuade them. Technology has presented us with a bizarre and
complex issue. It has given us ways of invading privacy on an unthinkable
scale. And yet it has also - thanks to mechanisms like PKC - given us
unprecedentedly powerful ways of concealing our activities. Above all, it
has forced us to consider what we mean by and how we value privacy. Is it an
absolute right, or is it simply a desirable individual benefit that can be
overruled by the demands of wider social benefits? Is Etzioni justified in
saying that hyper-privacy is one more symptom of the malign individualism
that captivated the West from the 1960s onwards? Or are the cypherpunks
right to fear a future tyranny founded on information technology?
The answer is, I think, that both sides are half-right and, therefore,
half-wrong. Etzioni underestimates the possibilities for abuse of the new
technologies. Absolute power corrupts absolutely, and the 'maximum
surveillance society' offers politicians something perilously close to
absolute power. And yet the cypherpunks are effectively advocating anarchy.
'At issue,' says Tim May, a crypto-anarchist, 'is the end of governments as
we know them today.' Such talk is usually the prelude to chaos and dead
bodies - on the whole, I'd rather have spooks as long as they're on our
side. We cannot, almost by definition, know what agencies like MI5 are
doing, but if, as seems likely, they really are intent on stopping
terrorism, subversion and crime, then that must be a good thing... even if
they are wrong about me.
The whole issue is resolved if - and only if - all invasions of privacy are
ferociously controlled. The formidable Elizabeth France is a start, but we
also need the whole CCTV industry to be contained. It is currently out of
control. All private- sector and government databases have to be constantly
monitored, and new levels of training have to be introduced to ensure, for
example, that some NHS clerk does not leave my health details on an open
screen. Loss of privacy is not just a matter of supercomputers, it is also a
matter of casual stupidity.
James Ellis, had he lived for another few years, would have been staggered
to see what a Pandora's box was to be opened by his eureka moment in that
Cheltenham bedroom. For it was at that moment that the whole issue of
privacy in the modern world became a practical, urgent reality. After that,
the cryptographically enabled citizen had a place to hide, and the spooks
had reluctantly to admit that, actually, they needed to know exactly where
he was. It was, after all, for his own good. Probably.
THE SURVEILLANCE TRAP | YOUR WHOLE LIFE LAID BARE